process

More documents

Recommendations

Info

4 Object Manager (II) In part, a heap manager… Allocates memory for data structure from system-wide, kernel space heaps (pageable or nonpageable) … with a few extra functions: Assigns name to data structure (optional) Allows lookup by name Objects can be protected by ACL-based security Provides uniform naming, sharing, and protection scheme Simplifies C2 security certification by centralizing all object protection in one place Maintains counts of handles and references (stored pointers in kernel space) to each object Object cannot be freed back to the heap until all handles and references are gone
5 Executive Objects vs. Kernel Objects Owned by the Object manager Name HandleCount ReferenceCount Type Owned by the kernel Owned by the executive Kernel Object Executive Object Kernel objects are primitive objects implemented by the kernel Executive objects are implemented by executive components e.g. <strong>process</strong> manager, memory manager, I/O subsystem, etc. Executive objects can contain kernel objects
Page 1 and 2: Core System Mechanisms and Windows
Page 3: 3 Object Manager (I) Executive comp
Page 7 and 8: 7 Executive Objects (contd.) Object
Page 9 and 10: 9 Object Header Field Handle count
Page 11 and 12: 11 Object Methods Method Open Close
Page 13 and 14: 13 Handles and Security Process han
Page 15 and 16: 15 Handle and Reference Count handl
Page 17 and 18: 17 Interesting Object Directories i
Page 19 and 20: 19 System Worker Threads Created at
Page 21 and 22: 21 Port Objects ALPC exports port o
Page 23 and 24: 23 Wow64 Allows execution of Win32
Page 25 and 26: 25 Wow64 File Locations Location of
Page 27 and 28: 27 Example: Cmd.exe on 64-bit Syste
Page 29 and 30: 29 Windows API - Overview APIs to W
Page 31 and 32: 31 Windows API Principles System re
Page 33 and 34: 33 Windows API Naming Conventions P
Page 35 and 36: 35 Differences from UNIX HANDLEs ar
Page 37 and 38: 37 Example Application Sequential f
Page 39 and 40: 39 Basic cp file copy program. UNIX
Page 41 and 42: 41 Basic cp file copy program. C li
Page 43 and 44: 43 Basic cp file copy program. Wind
Page 45 and 46: 45 Further Reading Mark E. Russinov
Page 47 and 48: Lab: 2013-9-23 Handles & ALPC
Page 49: ALPC Port Objects Use Winobj.exe to

process

Create successful ePaper yourself

Delete template?

Save as template?